PurpleOps in Action: APT29 Adversary Emulation with MITRE CALDERA and Open Source Detection

This session shows how purple teams can emulate APT29 (the Russian state-sponsored actor also tracked as Cozy Bear) with MITRE CALDERA to drive threat-informed defense. Rather than having red and blue work in silos, the talk demonstrates how the two teams can operate together as a purple team: running realistic attack emulation against a lab environment, measuring which behaviors the defenders actually see, and using the gaps to improve detection coverage.

Attendees will learn how to:
1. Deploy CALDERA in a lab environment.
2. Emulate APT29’s real TTPs using open-source plugins.
3. Use osquery and auditd to detect adversarial behavior.
4. Build repeatable purple team exercises and detection rules.

The session includes a short live demo of the red-blue collaboration as a purple teaming loop built entirely on open-source tools and frameworks: Emulate --> Detect --> Validate --> Tune. Each pass emulates a set of APT29 techniques, checks whether the telemetry and rules catch them, validates the alerts against what was actually run, and tunes the detections before the next iteration.

Ideal for threat hunters, SOC teams, detection engineers, and red teamers who want to build synergy between offense and defense.

Ramya M

RSA Security Applications, Software Engineer

Bengaluru, India
